.ASPXFormAuth cookie and Machine Key

This article describes how to use the Machine Key setting to preserve the .ASPXFormAuth cookie.
The .ASPXFormAuth cookie is set to expire a year from its creation date when the "remember me" setting is used. However, when a user returns to the site, they are not remembered even though the cookie has been set correctly, and this happens in different browsers.

For example: the cookie is set when the user logs in and checks "remember me". This cookie is set to expire one year from the creation date, but it persists only for some amount of time (less than a year); when the user goes back to the site, they are forced to re-authenticate as if the cookie had never existed. In this case, the issue is not caused by the user's browser; it comes from IIS. If the application pool for the site is recycled or restarted, the values stored for these authentication cookies are lost on the server side.

To prevent this from happening, you can hardcode the machineKey setting in your web.config file: http://msdn.microsoft.com/en-us/library/ff649308.aspx. With this setting in place, the application pool for your site can be recycled or restarted and the values for the authentication cookies are still maintained.

You can generate a machine key here: http://aspnetresources.com/tools/machineKey.
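
As an added example (not part of the original article or of Kentico's code), the PowerShell below generates a machineKey element locally from the operating system's random number generator and checks whether a web.config pins both keys. The function names, the sample web.config and the key sizes (64-byte validation key, 32-byte AES decryption key) are assumptions of this example, and it assumes the `<configuration>` element carries no XML namespace.

```powershell
# Added example: build a <machineKey> element from locally generated random keys,
# so the secret keys never pass through a third-party web page.
function New-HexKey([int]$ByteCount) {
    $bytes = New-Object byte[] $ByteCount
    [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
    ([System.BitConverter]::ToString($bytes)) -replace '-', ''
}

function New-MachineKeyElement {
    param(
        # SHA1 is accepted by every ASP.NET version; HMACSHA256 needs ASP.NET 4.0 or later.
        [ValidateSet('SHA1', 'HMACSHA256')] [string]$Validation = 'SHA1'
    )
    # 64 bytes = 128 hex characters (validation); 32 bytes = AES-256 key (decryption).
    $format = '<machineKey validationKey="{0}" decryptionKey="{1}" validation="{2}" decryption="AES" />'
    $format -f (New-HexKey 64), (New-HexKey 32), $Validation
}

# Returns $true when the config pins both keys instead of relying on AutoGenerate.
function Test-ExplicitMachineKey([xml]$Config) {
    $mk = $Config.SelectSingleNode('/configuration/system.web/machineKey')
    if ($null -eq $mk) { return $false }   # absent element means auto-generated keys
    foreach ($name in 'validationKey', 'decryptionKey') {
        $value = $mk.GetAttribute($name)
        if ([string]::IsNullOrEmpty($value) -or $value -match 'AutoGenerate') { return $false }
    }
    return $true
}

# Constructed sample web.config, before and after adding the generated element.
$before = [xml]'<configuration><system.web><authentication mode="Forms" /></system.web></configuration>'
$after  = [xml]$before.OuterXml
$fragment = $after.CreateDocumentFragment()
$fragment.InnerXml = New-MachineKeyElement
[void]$after.SelectSingleNode('/configuration/system.web').AppendChild($fragment)

"before: explicit machineKey = $(Test-ExplicitMachineKey $before)"
"after:  explicit machineKey = $(Test-ExplicitMachineKey $after)"
$after.SelectSingleNode('/configuration/system.web/machineKey').OuterXml
```

Paste the generated element inside `<system.web>` of the site's web.config. Keep that file out of shared repositories and readable backups, since these keys protect every forms-authentication ticket the site issues.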

-eh-


Applies to: Kentico CMS 6.x, 7.x